SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe kernel driver for /dev/midistat implements a handler for read(2).
This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact : The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory.
On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.
SolutionUpdate the affected packages.